Deep Dive into Keystone Tokens and Lessons Learned

Keystone supports four different types of tokens, UUID, PKI, PKIZ, and Fernet. Let’s take a deep dive into:

Understanding token formats
Pros and Cons of each format in Production
Performance across multiple data centers
Token revocation workflow for each of the formats
Horizon usage of the different token types

We previously deployed UUID and PKI in Production and are now moving towards the latest format, Fernet. We would like to share our lessons learned with different formats and help you decide on which format is suitable for your cloud.